{"id":"SUSE-SU-2023:3318-1","summary":"Security update for the Linux Kernel","details":"\n\nThe SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).\n- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).\n- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).\n- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).\n- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).\n- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).\n- CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).\n- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).\n- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).\n- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).\n- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).\n- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).\n- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).\n- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).\n- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).\n- CVE-2023-3609: Fixed reference counter leak leading to  overflow in net/sched (bsc#1213586).\n- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).\n- CVE-2023-3776: Fixed improper refcount update in  cls_fw leads to use-after-free (bsc#1213588).\n- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).\n- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).\n\nThe following non-security bugs were fixed:\n\n- acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).\n- add module_firmware() for firmware_tg357766 (git-fixes).\n- afs: adjust ack interpretation to try and cope with nat (git-fixes).\n- afs: fix access after dec in put functions (git-fixes).\n- afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes).\n- afs: fix dynamic root getattr (git-fixes).\n- afs: fix fileserver probe rtt handling (git-fixes).\n- afs: fix infinite loop found by xfstest generic/676 (git-fixes).\n- afs: fix lost servers_outstanding count (git-fixes).\n- afs: fix server-\u003eactive leak in afs_put_server (git-fixes).\n- afs: fix setting of mtime when creating a file/dir/symlink (git-fixes).\n- afs: fix updating of i_size with dv jump from server (git-fixes).\n- afs: fix vlserver probe rtt handling (git-fixes).\n- afs: return -eagain, not -eremoteio, when a file already locked (git-fixes).\n- afs: use refcount_t rather than atomic_t (git-fixes).\n- afs: use the operation issue time instead of the reply time for callbacks (git-fixes).\n- alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).\n- alsa: fireface: make read-only const array for model names static (git-fixes).\n- alsa: hda/realtek - remove 3k pull low procedure (git-fixes).\n- alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes).\n- alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes).\n- alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes).\n- alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes).\n- alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes).\n- alsa: hda/realtek: add quirk for clevo ns70au (git-fixes).\n- alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes).\n- alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes).\n- alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes).\n- alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes).\n- alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes).\n- alsa: hda/realtek: support asus g713pv laptop (git-fixes).\n- alsa: hda/realtek: whitespace fix (git-fixes).\n- alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).\n- alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).\n- alsa: oxfw: make read-only const array models static (git-fixes).\n- alsa: pcm: fix potential data race at pcm memory allocation helpers (git-fixes).\n- alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129).\n- alsa: usb-audio: update for native dsd support quirks (git-fixes).\n- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).\n- arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes)\n- arm64: dts: microchip: sparx5: do not use psci on reference boards (git-fixes)\n- arm64: vdso: pass (void *) to virt_to_page() (git-fixes)\n- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)\n- asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).\n- asoc: codecs: es8316: fix dmic config (git-fixes).\n- asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).\n- asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes).\n- asoc: codecs: wcd938x: fix codec initialisation race (git-fixes).\n- asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes).\n- asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).\n- asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes).\n- asoc: da7219: check for failure reading aad irq events (git-fixes).\n- asoc: da7219: flush pending aad irq when suspending (git-fixes).\n- asoc: fsl_sai: disable bit clock with transmitter (git-fixes).\n- asoc: fsl_spdif: silence output on stop (git-fixes).\n- asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).\n- asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).\n- asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).\n- asoc: tegra: fix adx byte map (git-fixes).\n- asoc: tegra: fix amx byte map (git-fixes).\n- asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).\n- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).\n- block, bfq: fix division by zero error on zero wsum (bsc#1213653).\n- block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).\n- can: bcm: fix uaf in bcm_proc_show() (git-fixes).\n- can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes).\n- ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).\n- cifs: add a warning when the in-flight count goes negative (bsc#1193629).\n- cifs: address unused variable warning (bsc#1193629).\n- cifs: do all necessary checks for credits within or before locking (bsc#1193629).\n- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).\n- cifs: fix max_credits implementation (bsc#1193629).\n- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).\n- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).\n- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).\n- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).\n- cifs: fix status checks in cifs_tree_connect (bsc#1193629).\n- cifs: log session id when a matching ses is not found (bsc#1193629).\n- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).\n- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).\n- cifs: print all credit counters in debugdata (bsc#1193629).\n- cifs: print client_guid in debugdata (bsc#1193629).\n- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).\n- cifs: print nosharesock value while dumping mount options (bsc#1193629).\n- clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git-fixes).\n- clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes).\n- coda: avoid partial allocation of sig_inputargs (git-fixes).\n- codel: fix kernel-doc notation warnings (git-fixes).\n- crypto: kpp - add helper to set reqsize (git-fixes).\n- crypto: qat - use helper to set reqsize (git-fixes).\n- delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix bsc#1213705.\n- devlink: fix kernel-doc notation warnings (git-fixes).\n- dlm: fix missing lkb refcount handling (git-fixes).\n- dlm: fix plock invalid read (git-fixes).\n- docs: networking: update codeaurora references for rmnet (git-fixes).\n- documentation: abi: sysfs-class-net-qmi: pass_through contact update (git-fixes).\n- documentation: bonding: fix the doc of peer_notif_delay (git-fixes).\n- documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes).\n- documentation: timers: hrtimers: make hybrid union historical (git-fixes).\n- drm/amd/display: correct `dmub_fw_version` macro (git-fixes).\n- drm/amd/display: disable mpc split by default on special asic (git-fixes).\n- drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes).\n- drm/amdgpu: avoid restore process run into dead loop (git-fixes).\n- drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git-fixes).\n- drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes).\n- drm/amdgpu: validate vm ioctl flags (git-fixes).\n- drm/atomic: allow vblank-enabled + self-refresh 'disable' (git-fixes).\n- drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes).\n- drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git-fixes).\n- drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes).\n- drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes).\n- drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes).\n- drm/client: fix memory leak in drm_client_modeset_probe (git-fixes).\n- drm/client: fix memory leak in drm_client_target_cloned (git-fixes).\n- drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git-fixes).\n- drm/i915: fix one wrong caching mode enum usage (git-fixes).\n- drm/msm/adreno: fix snapshot bindless_data size (git-fixes).\n- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).\n- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).\n- drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes).\n- drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-fixes).\n- drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes).\n- drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git-fixes).\n- drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes).\n- drm/ttm: do not leak a resource on swapout move error (git-fixes).\n- drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777)\n- dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in 'compatible' conditional schema (git-fixes).\n- enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#PED-4758)\n- ext4: add ea_inode checking to ext4_iget() (bsc#1213106).\n- ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088).\n- ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).\n- ext4: add strict range checks while freeing blocks (bsc#1213089).\n- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).\n- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).\n- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090).\n- ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103).\n- ext4: disallow ea_inodes with extended attributes (bsc#1213108).\n- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).\n- ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111).\n- ext4: fix data races when using cached status extents (bsc#1213102).\n- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105).\n- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).\n- ext4: fix lockdep warning when enabling mmp (bsc#1213100).\n- ext4: fix reusing stale buffer heads from last failed mounting (bsc#1213020).\n- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).\n- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).\n- ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098).\n- ext4: fix warning in ext4_update_inline_data (bsc#1213012).\n- ext4: fix warning in mb_find_extent (bsc#1213099).\n- ext4: improve error handling from ext4_dirhash() (bsc#1213104).\n- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).\n- ext4: move where set the may_inline_data flag is set (bsc#1213011).\n- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).\n- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087).\n- ext4: refuse to create ea block when umounted (bsc#1213093).\n- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107).\n- ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).\n- ext4: update s_journal_inum if it changes after journal replay (bsc#1213094).\n- ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).\n- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).\n- fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes).\n- fbdev: imxfb: warn about invalid left/right margin (git-fixes).\n- file: always lock position for fmode_atomic_pos (bsc#1213759).\n- fix documentation of panic_on_warn (git-fixes).\n- fs: dlm: add midcomms init/start functions (git-fixes).\n- fs: dlm: do not set stop rx flag after node reset (git-fixes).\n- fs: dlm: filter user dlm messages for kernel locks (git-fixes).\n- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).\n- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).\n- fs: dlm: fix race in lowcomms (git-fixes).\n- fs: dlm: handle -ebusy first in lock arg validation (git-fixes).\n- fs: dlm: move sending fin message into state change handling (git-fixes).\n- fs: dlm: retry accept() until -eagain or error returns (git-fixes).\n- fs: dlm: return positive pid value for f_getlk (git-fixes).\n- fs: dlm: start midcomms before scand (git-fixes).\n- fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes).\n- fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).\n- fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).\n- fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes).\n- fuse: ioctl: translate enosys in outarg (bsc#1213524).\n- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).\n- gve: set default duplex configuration to full (git-fixes).\n- gve: unify driver name usage (git-fixes).\n- hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861).\n- hvcs: get reference to tty in remove (bsc#1213134 ltc#202861).\n- hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861).\n- hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861).\n- hvcs: use driver groups to manage driver attributes (bsc#1213134 ltc#202861).\n- hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861).\n- hwmon: (adm1275) allow setting sample averaging (git-fixes).\n- hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-fixes).\n- hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes).\n- hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272 (git-fixes).\n- i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).\n- i2c: xiic: do not try to handle more interrupt events after error (git-fixes).\n- iavf: fix out-of-bounds when setting channels on remove (git-fixes).\n- iavf: fix use-after-free in free_netdev (git-fixes).\n- iavf: use internal state to free traffic irqs (git-fixes).\n- ib/hfi1: use bitmap_zalloc() when applicable (git-fixes)\n- igc: check if hardware tx timestamping is enabled earlier (git-fixes).\n- igc: enable and fix rx hash usage by netstack (git-fixes).\n- igc: fix inserting of empty frame for launchtime (git-fixes).\n- igc: fix kernel panic during ndo_tx_timeout callback (git-fixes).\n- igc: fix launchtime before start of cycle (git-fixes).\n- igc: fix race condition in ptp tx code (git-fixes).\n- igc: handle pps start time programming for past time values (git-fixes).\n- igc: prevent garbled tx queue with xdp zerocopy (git-fixes).\n- igc: remove delay during tx ring configuration (git-fixes).\n- igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes).\n- igc: work around hw bug causing missing timestamps (git-fixes).\n- inotify: avoid reporting event with invalid wd (bsc#1213025).\n- input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).\n- input: iqs269a - do not poll during ati (git-fixes).\n- input: iqs269a - do not poll during suspend or resume (git-fixes).\n- jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095).\n- jdb2: do not refuse invalidation of already invalidated buffers (bsc#1213014).\n- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).\n- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).\n- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).\n- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).\n- jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-fixes).\n- jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).\n- jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes).\n- kabi/severities: add vas symbols changed due to recent fix vas accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers\n- kabi: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).\n- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')\n- kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime is undefined (git-fixes).\n- kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes)\n- kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620)\n- kvm: do not null dereference ops-\u003edestroy (git-fixes)\n- kvm: downgrade two bug_ons to warn_on_once (git-fixes)\n- kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes)\n- kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).\n- kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes).\n- kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes).\n- kvm: vmx: restore vmx_vmexit alignment (git-fixes).\n- kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).\n- leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git-fixes).\n- libceph: harden msgr2.1 frame segment length checks (bsc#1213857).\n- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes).\n- media: cec: i2c: ch7322: also select regmap (git-fixes).\n- media: i2c: correct format propagation for st-mipid02 (git-fixes).\n- media: staging: atomisp: select v4l2_fwnode (git-fixes).\n- media: usb: check az6007_read() return value (git-fixes).\n- media: usb: siano: fix warning due to null work_func_t function pointer (git-fixes).\n- media: venus: helpers: fix align() of non power of two (git-fixes).\n- media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes).\n- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).\n- mmc: core: disable trim on kingston emmc04g-m627 (git-fixes).\n- mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is used (git-fixes).\n- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).\n- net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585).\n- net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).\n- net: mana: add support for vlan tagging (bsc#1212301).\n- net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901).\n- net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901).\n- net: phy: marvell10g: fix 88x3310 power up (git-fixes).\n- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).\n- nfsd: add encoding of op_recall flag for write delegation (git-fixes).\n- nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).\n- nfsd: fix sparse warning (git-fixes).\n- nfsd: remove open coding of string copy (git-fixes).\n- nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes).\n- nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes).\n- ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes).\n- ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes).\n- ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes).\n- ntb: ntb_tool: add check for devm_kcalloc (git-fixes).\n- ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).\n- nvme-multipath: support io stats on the mpath device (bsc#1210565).\n- nvme-pci: fix dma direction of unmapping integrity data (git-fixes).\n- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).\n- nvme: introduce nvme_start_request (bsc#1210565).\n- ocfs2: check new file size on fallocate call (git-fixes).\n- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).\n- ocfs2: switch to security_inode_init_security() (git-fixes).\n- octeontx-af: fix hardware timestamp configuration (git-fixes).\n- octeontx2-af: move validation of ptp pointer before its usage (git-fixes).\n- octeontx2-pf: add additional check for mcam rules (git-fixes).\n- opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).\n- pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes).\n- pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes).\n- phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-fixes).\n- phy: revert 'phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb' (git-fixes).\n- phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).\n- phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes).\n- pie: fix kernel-doc notation warning (git-fixes).\n- pinctrl: amd: detect internal gpio0 debounce handling (git-fixes).\n- pinctrl: amd: do not show `invalid config param` errors (git-fixes).\n- pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes).\n- pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes).\n- pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes).\n- platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-fixes).\n- powerpc/64: only warn if __pa()/__va() called with bad addresses (bsc#1194869).\n- powerpc/64s: fix vas mm use after free (bsc#1194869).\n- powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869).\n- powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869).\n- powerpc/ftrace: remove ftrace init tramp once kernel init is complete (bsc#1194869).\n- powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare() (bsc#1194869).\n- powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).\n- powerpc/mm: switch obsolete dssall to .long (bsc#1194869).\n- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).\n- powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).\n- powerpc/prom_init: fix kernel config grep (bsc#1194869).\n- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).\n- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).\n- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).\n- powerpc: define get_cycles macro for arch-override (bsc#1194869).\n- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).\n- pwm: ab8500: fix error code in probe() (git-fixes).\n- pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).\n- pwm: sysfs: do not apply state to already disabled pwms (git-fixes).\n- rdma/bnxt_re: fix hang during driver unload (git-fixes)\n- rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)\n- rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)\n- rdma/irdma: add missing read barriers (git-fixes)\n- rdma/irdma: fix data race on cqp completion stats (git-fixes)\n- rdma/irdma: fix data race on cqp request done (git-fixes)\n- rdma/irdma: fix op_type reporting in cqes (git-fixes)\n- rdma/irdma: report correct wc error (git-fixes)\n- rdma/mlx4: make check for invalid flags stricter (git-fixes)\n- rdma/mthca: fix crash when polling cq for shared qps (git-fixes)\n- rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes)\n- regmap: account for register length in smbus i/o limits (git-fixes).\n- regmap: drop initial version of maximum transfer length fixes (git-fixes).\n- revert 'arm64: dts: zynqmp: add address-cells property to interrupt (git-fixes)\n- revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes).\n- revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes).\n- revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes).\n- revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes).\n- revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes).\n- revert 'usb: xhci: tegra: fix error check' (git-fixes).\n- revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes).\n- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.\n- rpm: update dependency to match current kmod.\n- rsi: remove kernel-doc comment marker (git-fixes).\n- rxrpc, afs: fix selection of abort codes (git-fixes).\n- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).\n- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).\n- s390/bpf: add expoline to tail calls (git-fixes bsc#1213870).\n- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).\n- s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263).\n- s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863).\n- s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871).\n- s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).\n- s390/qeth: fix vipa deletion (git-fixes bsc#1213713).\n- s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715).\n- s390: define runtime_discard_exit to fix link error with gnu ld < 2.36 (git-fixes bsc#1213264).\n- s390: discard .interp section (git-fixes bsc#1213247).\n- s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).\n- scftorture: count reschedule ipis (git-fixes).\n- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)\n- sched: fix debug && !schedstats warn (git-fixes)\n- scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756).\n- scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756).\n- scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756).\n- scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756).\n- scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756).\n- scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756).\n- scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756).\n- scsi: lpfc: fix lpfc_name struct packing (bsc#1213756).\n- scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756).\n- scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756).\n- scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756).\n- scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756).\n- scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756).\n- scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756).\n- scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756).\n- scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756).\n- scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756).\n- scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756).\n- scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756).\n- scsi: lpfc: use struct_size() helper (bsc#1213756).\n- scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747).\n- scsi: qla2xxx: array index may go out of bound (bsc#1213747).\n- scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747).\n- scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747).\n- scsi: qla2xxx: correct the index of array (bsc#1213747).\n- scsi: qla2xxx: drop useless list_head (bsc#1213747).\n- scsi: qla2xxx: fix buffer overrun (bsc#1213747).\n- scsi: qla2xxx: fix command flush during tmf (bsc#1213747).\n- scsi: qla2xxx: fix deletion race condition (bsc#1213747).\n- scsi: qla2xxx: fix end of loop test (bsc#1213747).\n- scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).\n- scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747).\n- scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).\n- scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).\n- scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).\n- scsi: qla2xxx: fix session hang in gnl (bsc#1213747).\n- scsi: qla2xxx: fix tmf leak through (bsc#1213747).\n- scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).\n- scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).\n- scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747).\n- scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747).\n- scsi: qla2xxx: silence a static checker warning (bsc#1213747).\n- scsi: qla2xxx: turn off noisy message log (bsc#1213747).\n- scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).\n- scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).\n- scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747).\n- security: keys: modify mismatched function name (git-fixes).\n- selftests: mptcp: depend on syn_cookies (git-fixes).\n- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).\n- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).\n- selftests: tc: add 'ct' action kconfig dep (git-fixes).\n- selftests: tc: add conntrack procfs kconfig (git-fixes).\n- selftests: tc: set timeout to 15 minutes (git-fixes).\n- serial: qcom-geni: drop bogus runtime pm state update (git-fixes).\n- serial: sifive: fix sifive_serial_console_setup() section (git-fixes).\n- signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869).\n- signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv) (bsc#1194869).\n- smb3: do not reserve too many oplock credits (bsc#1193629).\n- smb3: missing null check in smb2_change_notify (bsc#1193629).\n- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).\n- smb: client: fix missed ses refcounting (git-fixes).\n- smb: client: fix parsing of source mount option (bsc#1193629).\n- smb: client: fix shared dfs root mounts with different prefixes (bsc#1193629).\n- smb: client: fix warning in cifs_match_super() (bsc#1193629).\n- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).\n- smb: client: fix warning in cifsfindfirst() (bsc#1193629).\n- smb: client: fix warning in cifsfindnext() (bsc#1193629).\n- smb: client: fix warning in generic_ip_connect() (bsc#1193629).\n- smb: client: improve dfs mount check (bsc#1193629).\n- smb: client: remove redundant pointer 'server' (bsc#1193629).\n- smb: delete an unnecessary statement (bsc#1193629).\n- smb: move client and server files to common directory fs/smb (bsc#1193629).\n- smb: remove obsolete comment (bsc#1193629).\n- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).\n- soundwire: qcom: update status correctly with mask (git-fixes).\n- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).\n- spi: bcm63xx: fix max prepend length (git-fixes).\n- staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).\n- staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes).\n- sunrpc: always free ctxt when freeing deferred request (git-fixes).\n- sunrpc: double free xprt_ctxt while still in use (git-fixes).\n- sunrpc: fix trace_svc_register() call site (git-fixes).\n- sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).\n- sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).\n- sunrpc: remove the maximum number of retries in call_bind_status (git-fixes).\n- svcrdma: prevent page release when nothing was received (git-fixes).\n- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).\n- tpm_tis: explicitly check for error code (git-fixes).\n- tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes).\n- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).\n- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).\n- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).\n- ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).\n- ubifs: do_rename: fix wrong space budget when target inode's nlink \u003e 1 (git-fixes).\n- ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).\n- ubifs: fix 'ui-\u003edirty' race between do_tmpfile() and writeback work (git-fixes).\n- ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes).\n- ubifs: fix build errors as symbol undefined (git-fixes).\n- ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).\n- ubifs: fix memory leak in alloc_wbufs() (git-fixes).\n- ubifs: fix memory leak in do_rename (git-fixes).\n- ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).\n- ubifs: fix to add refcount once page is set private (git-fixes).\n- ubifs: fix wrong dirty space budget for dirty inode (git-fixes).\n- ubifs: free memory for tmpfile name (git-fixes).\n- ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes).\n- ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).\n- ubifs: rectify space budget for ubifs_xrename() (git-fixes).\n- ubifs: rename whiteout atomically (git-fixes).\n- ubifs: rename_whiteout: correct old_dir size computing (git-fixes).\n- ubifs: rename_whiteout: fix double free for whiteout_ui-\u003edata (git-fixes).\n- ubifs: reserve one leb for each journal head while doing budget (git-fixes).\n- ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes).\n- ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-fixes).\n- udf: avoid double brelse() in udf_rename() (bsc#1213032).\n- udf: define efscorrupted error code (bsc#1213038).\n- udf: detect system inodes linked into directory hierarchy (bsc#1213114).\n- udf: discard preallocation before extending file with a hole (bsc#1213036).\n- udf: do not bother looking for prealloc extents if i_lenextents matches i_size (bsc#1213035).\n- udf: do not bother merging very long extents (bsc#1213040).\n- udf: do not update file length for failed writes to inline files (bsc#1213041).\n- udf: fix error handling in udf_new_inode() (bsc#1213112).\n- udf: fix extending file within last block (bsc#1213037).\n- udf: fix preallocation discarding at indirect extent boundary (bsc#1213034).\n- udf: preserve link count of system files (bsc#1213113).\n- udf: truncate added extents on failed expansion (bsc#1213039).\n- update config and supported.conf files due to renaming.\n- update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604). added bug reference.\n- usb: dwc2: fix some error handling paths (git-fixes).\n- usb: dwc2: platform: improve error reporting for problems during .remove() (git-fixes).\n- usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).\n- usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes).\n- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).\n- usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).\n- usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).\n- usb: serial: option: add lara-r6 01b pids (git-fixes).\n- usb: xhci-mtk: set the dma max_seg_size (git-fixes).\n- vhost: support packed when setting-getting vring_base (git-fixes).\n- vhost_net: revert upend_idx only on retriable error (git-fixes).\n- virtio-net: maintain reverse cleanup order (git-fixes).\n- virtio_net: fix error unwinding of xdp initialization (git-fixes).\n- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).\n- wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes).\n- wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes).\n- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).\n- wl3501_cs: use eth_hw_addr_set() (git-fixes).\n- writeback: fix call of incorrect macro (bsc#1213024).\n- x86/pvh: obtain vga console info in dom0 (git-fixes).\n- x86: fix .brk attribute in linker script (git-fixes).\n- xen/blkfront: only check req_fua for writes (git-fixes).\n- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).\n- xfs: ail needs asynchronous cil forcing (bsc#1211811).\n- xfs: async cil flushes need pending pushes to be made stable (bsc#1211811).\n- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).\n- xfs: cil work is serialised, not pipelined (bsc#1211811).\n- xfs: clean up the rtbitmap fsmap backend (git-fixes).\n- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).\n- xfs: do not reverse order of items in bulk ail insertion (git-fixes).\n- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).\n- xfs: drop async cache flushes from cil commits (bsc#1211811).\n- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).\n- xfs: fix getfsmap reporting past the last rt extent (git-fixes).\n- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).\n- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).\n- xfs: fix logdev fsmap query result filtering (git-fixes).\n- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).\n- xfs: fix uninitialized variable access (git-fixes).\n- xfs: make fsmap backend function key parameters const (git-fixes).\n- xfs: make the record pointer passed to query_range functions const (git-fixes).\n- xfs: move the cil workqueue to the cil (bsc#1211811).\n- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).\n- xfs: order cil checkpoint start records (bsc#1211811).\n- xfs: pass a cil context to xlog_write() (bsc#1211811).\n- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).\n- xfs: rework xlog_state_do_callback() (bsc#1211811).\n- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).\n- xfs: separate out log shutdown callback processing (bsc#1211811).\n- xfs: wait iclog complete before tearing down ail (bsc#1211811).\n- xfs: xlog_state_ioerror must die (bsc#1211811).\n- xhci: fix resume issue of some zhaoxin hosts (git-fixes).\n- xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes).\n- xhci: show zhaoxin xhci root hub speed correctly (git-fixes).\n","modified":"2026-02-04T04:05:01.426557Z","published":"2023-08-15T08:34:21Z","related":["CVE-2022-40982","CVE-2023-0459","CVE-2023-20569","CVE-2023-20593","CVE-2023-21400","CVE-2023-2156","CVE-2023-2166","CVE-2023-2985","CVE-2023-31083","CVE-2023-3117","CVE-2023-31248","CVE-2023-3268","CVE-2023-3390","CVE-2023-35001","CVE-2023-3567","CVE-2023-3609","CVE-2023-3611","CVE-2023-3776","CVE-2023-3812","CVE-2023-4004"],"upstream":["CVE-2022-40982","CVE-2023-0459","CVE-2023-20569","CVE-2023-20593","CVE-2023-21400","CVE-2023-2156","CVE-2023-2166","CVE-2023-2985","CVE-2023-31083","CVE-2023-3117","CVE-2023-31248","CVE-2023-3268","CVE-2023-3390","CVE-2023-35001","CVE-2023-3567","CVE-2023-3609","CVE-2023-3611","CVE-2023-3776","CVE-2023-3812","CVE-2023-4004"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20233318-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1150305"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193629"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194869"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206418"},{"type":"REPORT","url":"https://bugzilla.suse.com/1207129"},{"type":"REPORT","url":"https://bugzilla.suse.com/1207894"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208788"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210565"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210584"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210627"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210780"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210853"},{"type":"REPORT","url":"https://bugzilla.suse.com/1211131"},{"type":"REPORT","url":"https://bugzilla.suse.com/1211243"},{"type":"REPORT","url":"https://bugzilla.suse.com/1211738"},{"type":"REPORT","url":"https://bugzilla.suse.com/1211811"},{"type":"REPORT","url":"https://bugzilla.suse.com/1211867"},{"type":"REPORT","url":"https://bugzilla.suse.com/1212301"},{"type":"REPORT","url":"https://bugzilla.suse.com/1212502"},{"type":"REPORT","url":"https://bugzilla.suse.com/1212604"},{"type":"REPORT","url":"https://bugzilla.suse.com/1212846"},{"type":"REPORT","url":"https://bugzilla.suse.com/1212901"},{"type":"REPORT","url":"https://bugzilla.suse.com/1212905"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213010"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213011"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213012"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213013"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213014"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213015"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213016"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213017"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213018"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213019"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213020"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213021"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213024"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213025"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213032"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213034"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213035"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213036"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213037"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213038"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213039"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213040"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213041"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213059"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213061"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213087"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213088"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213089"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213090"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213092"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213093"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213094"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213095"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213096"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213098"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213099"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213100"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213102"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213103"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213104"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213105"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213106"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213107"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213108"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213109"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213110"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213111"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213112"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213113"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213114"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213134"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213167"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213245"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213247"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213252"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213258"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213259"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213263"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213264"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213272"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213286"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213287"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213304"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213523"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213524"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213543"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213585"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213586"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213588"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213620"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213653"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213705"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213713"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213715"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213747"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213756"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213759"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213777"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213810"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213812"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213856"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213857"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213863"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213867"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213870"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213871"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-40982"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-0459"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-20569"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-20593"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-21400"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-2156"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-2166"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-2985"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-31083"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3117"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-31248"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3268"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3390"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-35001"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3567"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3609"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3611"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3776"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3812"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-4004"}],"affected":[{"package":{"name":"kernel-rt","ecosystem":"SUSE:Linux Enterprise Micro 5.3","purl":"pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.46.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-rt":"5.14.21-150400.15.46.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}},{"package":{"name":"kernel-rt","ecosystem":"SUSE:Linux Enterprise Micro 5.4","purl":"pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.46.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-rt":"5.14.21-150400.15.46.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}},{"package":{"name":"kernel-livepatch-SLE15-SP4-RT_Update_11","ecosystem":"SUSE:Linux Enterprise Live Patching 15 SP4","purl":"pkg:rpm/suse/kernel-livepatch-SLE15-SP4-RT_Update_11&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1-150400.1.5.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-livepatch-5_14_21-150400_15_46-rt":"1-150400.1.5.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}},{"package":{"name":"kernel-rt","ecosystem":"SUSE:Real Time Module 15 SP4","purl":"pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.46.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-rt_debug-devel":"5.14.21-150400.15.46.1","kernel-rt-devel":"5.14.21-150400.15.46.1","kernel-syms-rt":"5.14.21-150400.15.46.1","kernel-rt":"5.14.21-150400.15.46.1","kernel-devel-rt":"5.14.21-150400.15.46.1","cluster-md-kmp-rt":"5.14.21-150400.15.46.1","ocfs2-kmp-rt":"5.14.21-150400.15.46.1","kernel-rt_debug":"5.14.21-150400.15.46.1","kernel-source-rt":"5.14.21-150400.15.46.1","dlm-kmp-rt":"5.14.21-150400.15.46.1","gfs2-kmp-rt":"5.14.21-150400.15.46.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}},{"package":{"name":"kernel-rt_debug","ecosystem":"SUSE:Real Time Module 15 SP4","purl":"pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.46.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-rt_debug-devel":"5.14.21-150400.15.46.1","kernel-rt-devel":"5.14.21-150400.15.46.1","kernel-syms-rt":"5.14.21-150400.15.46.1","kernel-rt":"5.14.21-150400.15.46.1","kernel-devel-rt":"5.14.21-150400.15.46.1","cluster-md-kmp-rt":"5.14.21-150400.15.46.1","ocfs2-kmp-rt":"5.14.21-150400.15.46.1","kernel-rt_debug":"5.14.21-150400.15.46.1","kernel-source-rt":"5.14.21-150400.15.46.1","dlm-kmp-rt":"5.14.21-150400.15.46.1","gfs2-kmp-rt":"5.14.21-150400.15.46.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}},{"package":{"name":"kernel-source-rt","ecosystem":"SUSE:Real Time Module 15 SP4","purl":"pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.46.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-rt_debug-devel":"5.14.21-150400.15.46.1","kernel-rt-devel":"5.14.21-150400.15.46.1","kernel-syms-rt":"5.14.21-150400.15.46.1","kernel-rt":"5.14.21-150400.15.46.1","kernel-devel-rt":"5.14.21-150400.15.46.1","cluster-md-kmp-rt":"5.14.21-150400.15.46.1","ocfs2-kmp-rt":"5.14.21-150400.15.46.1","kernel-rt_debug":"5.14.21-150400.15.46.1","kernel-source-rt":"5.14.21-150400.15.46.1","dlm-kmp-rt":"5.14.21-150400.15.46.1","gfs2-kmp-rt":"5.14.21-150400.15.46.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}},{"package":{"name":"kernel-syms-rt","ecosystem":"SUSE:Real Time Module 15 SP4","purl":"pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.46.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-rt_debug-devel":"5.14.21-150400.15.46.1","kernel-rt-devel":"5.14.21-150400.15.46.1","kernel-syms-rt":"5.14.21-150400.15.46.1","kernel-rt":"5.14.21-150400.15.46.1","kernel-devel-rt":"5.14.21-150400.15.46.1","cluster-md-kmp-rt":"5.14.21-150400.15.46.1","ocfs2-kmp-rt":"5.14.21-150400.15.46.1","kernel-rt_debug":"5.14.21-150400.15.46.1","kernel-source-rt":"5.14.21-150400.15.46.1","dlm-kmp-rt":"5.14.21-150400.15.46.1","gfs2-kmp-rt":"5.14.21-150400.15.46.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}},{"package":{"name":"kernel-rt","ecosystem":"openSUSE:Leap Micro 5.3","purl":"pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.46.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-rt":"5.14.21-150400.15.46.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}},{"package":{"name":"kernel-rt","ecosystem":"openSUSE:Leap Micro 5.4","purl":"pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.46.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-rt":"5.14.21-150400.15.46.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}},{"package":{"name":"kernel-rt","ecosystem":"openSUSE:Leap 15.4","purl":"pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.46.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-rt_debug-devel":"5.14.21-150400.15.46.1","kernel-rt-devel":"5.14.21-150400.15.46.1","kernel-syms-rt":"5.14.21-150400.15.46.1","kernel-rt":"5.14.21-150400.15.46.1","kernel-devel-rt":"5.14.21-150400.15.46.1","cluster-md-kmp-rt":"5.14.21-150400.15.46.1","ocfs2-kmp-rt":"5.14.21-150400.15.46.1","kernel-rt_debug":"5.14.21-150400.15.46.1","kernel-source-rt":"5.14.21-150400.15.46.1","dlm-kmp-rt":"5.14.21-150400.15.46.1","gfs2-kmp-rt":"5.14.21-150400.15.46.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}},{"package":{"name":"kernel-rt_debug","ecosystem":"openSUSE:Leap 15.4","purl":"pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.46.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-rt_debug-devel":"5.14.21-150400.15.46.1","kernel-rt-devel":"5.14.21-150400.15.46.1","kernel-syms-rt":"5.14.21-150400.15.46.1","kernel-rt":"5.14.21-150400.15.46.1","kernel-devel-rt":"5.14.21-150400.15.46.1","cluster-md-kmp-rt":"5.14.21-150400.15.46.1","ocfs2-kmp-rt":"5.14.21-150400.15.46.1","kernel-rt_debug":"5.14.21-150400.15.46.1","kernel-source-rt":"5.14.21-150400.15.46.1","dlm-kmp-rt":"5.14.21-150400.15.46.1","gfs2-kmp-rt":"5.14.21-150400.15.46.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}},{"package":{"name":"kernel-source-rt","ecosystem":"openSUSE:Leap 15.4","purl":"pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.46.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-rt_debug-devel":"5.14.21-150400.15.46.1","kernel-rt-devel":"5.14.21-150400.15.46.1","kernel-syms-rt":"5.14.21-150400.15.46.1","kernel-rt":"5.14.21-150400.15.46.1","kernel-devel-rt":"5.14.21-150400.15.46.1","cluster-md-kmp-rt":"5.14.21-150400.15.46.1","ocfs2-kmp-rt":"5.14.21-150400.15.46.1","kernel-rt_debug":"5.14.21-150400.15.46.1","kernel-source-rt":"5.14.21-150400.15.46.1","dlm-kmp-rt":"5.14.21-150400.15.46.1","gfs2-kmp-rt":"5.14.21-150400.15.46.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}},{"package":{"name":"kernel-syms-rt","ecosystem":"openSUSE:Leap 15.4","purl":"pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.46.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-rt_debug-devel":"5.14.21-150400.15.46.1","kernel-rt-devel":"5.14.21-150400.15.46.1","kernel-syms-rt":"5.14.21-150400.15.46.1","kernel-rt":"5.14.21-150400.15.46.1","kernel-devel-rt":"5.14.21-150400.15.46.1","cluster-md-kmp-rt":"5.14.21-150400.15.46.1","ocfs2-kmp-rt":"5.14.21-150400.15.46.1","kernel-rt_debug":"5.14.21-150400.15.46.1","kernel-source-rt":"5.14.21-150400.15.46.1","dlm-kmp-rt":"5.14.21-150400.15.46.1","gfs2-kmp-rt":"5.14.21-150400.15.46.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3318-1.json"}}],"schema_version":"1.7.3"}